When Is Flash-Plugin not a Flash Plugin?

When it’s a FakeAv/Rogueware downloader, of course. An interesting note about the malware served from the ongoing malware operation recently moved to 95.211.8.20 and is covered in many previousposts…since August 1st, the group now serves up executables labelled as flash plugins. It seems their “viewer” (streamviewer.exe, tubeviewer.exe, porntubeviewer.exe, etc) theme wasn’t as successful as it used to be. Here are a few that ThreatFire prevented in the community today: